[18684] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: SecurID and garage door openers

daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Oct 18 13:18:15 2005

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Tue, 18 Oct 2005 12:23:18 -0400
From: Adam Shostack <adam@homeport.org>
To: "Travis H." <solinym@gmail.com>
Cc: cryptography@metzdowd.com
In-Reply-To: <d4f1333a0510180125v2b2ad2d5h759e037979794c54@mail.gmail.com>

On Tue, Oct 18, 2005 at 03:25:40AM -0500, Travis H. wrote:
| Speaking of two-factor authentication, can anyone explain how servers
| validate the code from a SecurID token in the presence of clockskew? 
| Does it look backwards and forwards in time a few minutes?

Yes, it rolls forward and back 3-5 cycles.  The server maintains a
list of what time it thinks the token thinks it is.  So its not
testing what time it is, its testing what time the token thinks it is.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[18684] in cryptography@c2.net mail archive

Re: SecurID and garage door openers

daemon@ATHENA.MIT.EDU (Adam Shostack)Tue Oct 18 13:18:15 2005

daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Oct 18 13:18:15 2005